Skip to Content

Open Internet

How a Tech Merger Might Raise Data-Related Antitrust Concerns

/ George Slover

Discussions regarding appropriate policy responses to the power of tech companies frequently involve user and transaction data, which are central to the business models of so many tech products and services. One result is an increasing need to think carefully about the interface between antitrust and privacy. For example, CDT recently wrote about the importance of ensuring that new competition legislation did not inadvertently limit the ability of online platforms to protect user privacy and security.

Another area where these two policy issues can intersect is in the context of mergers and acquisitions, where data can sometimes be an asset giving rise to competition concerns that require antitrust analysis and enforcement, but other times may exacerbate privacy concerns that are not the appropriate subject of the antitrust laws. 

This question resurfaced in two planned acquisitions Amazon announced last summer – One Medical, a group physician practice, and iRobot, manufacturer of the Roomba auto-navigating floor vacuum. Both acquisitions have been under active antitrust investigation by the Federal Trade Commission. (The One Medical acquisition has now gone forward, but the FTC is still investigating it, and could potentially seek to unwind it.)

The interest in the impacts of a merger’s aggregation of data is not limited to Amazon and other familiar online platform giants. It has also been featured in news reports regarding the proposed Kroger-Albertsons grocery store merger, likewise under active investigation by the FTC, and the effects of combining the troves of data they collect through their shoppers’ use of loyalty cards at checkout. 

Depending on what the facts show, these types of transactions could give rise to traditional antitrust concerns, such as potential harm to horizontal, head-to-head competition. For example, the Amazon transactions could raise potential horizontal competition implications if there were evidence that Amazon might otherwise expand into the One Medical and Roomba spaces through its own efforts. And Amazon has a strong presence in a broader smart home device market, with smart-speaker voice assistant Alexa and video security doorbell Ring. Others have raised possible vertical concerns regarding the potential for Amazon’s online shopping service to favor its new affiliates over competitors, such as in their placement in online searches or in their eligibility for Amazon Prime.

But the aspect of these acquisitions getting the most media attention is the sensitive personal data that Amazon would obtain. The acquisition of One Medical would put sensitive patient health and treatment information in Amazon’s hands, creating significant potential privacy concerns. Will Amazon, for example, use health data or inferences about a customer’s health to help decide the products consumers see and the prices they pay?

Roomba’s higher-end devices can map and even record video of a home’s interior. Many homeowners would not be comfortable with detailed maps and recordings of their homes being shared widely with strangers – whether they be marketers, or other opportunists with more dubious ulterior designs. Or zealous law enforcement officials skirting citizens’ “reasonable expectation of privacy” in their homes, bringing indoors concerns that have been raised outdoors with Amazon’s Ring videos.

There have been growing, well-founded concerns that too much sensitive personal data is being collected and kept by online platforms, far beyond what is justifiably needed for providing the services involved. That concern is exacerbated when the platform obtains even more data as a result of a transaction. As the volume of data increases, so do the attendant risks to privacy and security. For example, a platform could create even more detailed and intimate profiles of individuals and households for use in targeting ads or to sell to brokers. Data breaches could result in even greater harm, particularly if they enable unauthorized access to more sensitive information. 

Currently, privacy laws in the U.S. are far from adequately addressing these privacy risks. Although the Health Insurance Portability and Accountability Act protects certain personal health care information, it does not apply to many actors that hold health data and does not encompass all data that reveal information about someone’s health. And there are broader concerns when health data is combined with other data and used by a company with wide-ranging commercial interests like Amazon. And for iRobot, there are no legal restrictions on access, use, sharing, or sale of the data the Roomba collects, only iRobot’s pledge – which it made as an independent company, pre-merger – that it would share its data only with the consumer’s consent. 

But are these concerns regarding Amazon’s acquisition of more data, and what might happen with that data as a result, antitrust concerns? The government’s authority to investigate mergers and acquisitions – outside of national security concerns regarding acquisitions by foreign entities – is grounded in section 7 of the Clayton Antitrust Act, which makes unlawful an acquisition the effect of which “may be substantially to lessen competition.” (On November 10, 2022, the FTC issued a new Policy Statement Regarding the Scope of Unfair Methods of Competition Under Section 5 of the Federal Trade Commission Act, in which it indicates that it may consider its merger enforcement authority to go beyond the scope of section 7.)

For acquisitions to be challenged under the antitrust laws, they must have a demonstrated potential to harm competition – to substantially reduce the choice that competition fosters – for consumers, and for businesses and communicators who seek to reach them. To use the Amazon transactions as an example, this could potentially occur in at least two ways with respect to the acquisition of data.

First, the additional accumulation of data could potentially increase Amazon’s ability to refine the digital profiles it stores on consumers who do or could make purchases through Amazon. To the extent that this increases Amazon’s market power as an online sales and advertising intermediary, that could potentially constitute a substantial lessening of competition.

Second, the additional accumulation of data could potentially help fortify Amazon’s market power in one or more market sectors and increase barriers to entry – that is, make it more difficult for other companies without similar access to data to make a go of it in those sectors. Achieving that kind of market power through internal growth is not an antitrust violation. But achieving it through an acquisition of another company can be a violation.

An FTC challenge to either of these acquisitions on either of these bases would need to be more than speculative. It would need to be based on more than a general concern regarding Amazon’s market power. The adverse effects on competition that could be caused by the acquisitions would need to be demonstrated, based on the FTC’S fact-specific analysis.

The power of user and transaction data in the online marketplace is well-established. The potential for that power to be exercised to restrict competition has been on the FTC’s radar for many years – as reflected in Commissioner Pamela Harbour’s dissent from the 2007 decision not to challenge Google’s acquisition of DoubleClick. It has been the subject of extensive legal and policy scholarship, with increased recognition of the value of data as an asset, and the need for the competition impacts of its aggregation and use – and how to address them – to be explored. And it is a key factor in the antitrust enforcement actions now pending against Facebook and Google. Its dimensions continue to be plumbed.

As significant as privacy concerns are, however, they cannot be addressed through antitrust enforcement absent a causal link to harm to competition. Absent that, increased privacy concerns must be addressed directly, through stronger privacy laws. That is why, no matter how the FTC comes down on these specific mergers, we need effective, comprehensive privacy protections at the federal level – for which CDT has been advocating for many years, including in House testimony earlier this month, and which Congress and the Federal Trade Commission have been working on delivering. The antitrust laws cannot be enlisted as a surrogate.

If the FTC ultimately challenges either or both of these acquisitions or the Kroger-Albertsons merger, it will be interesting to see whether the additional aggregation of data is a centerpiece of the alleged harm to competition, or is referenced in an ancillary context. And in any event, the interplay between data aggregation and competition will remain an important issue to watch.

Related Reading

CDT joined with other organizations commending Senator Klobuchar for her continued efforts to sustain increased funding for antitrust enforcement. White document on black background.

CDT Joins Others in Letter Supporting Increased Funding for Antitrust Enforcement
CDT Joins Coalition Letter to the Biden Administration on Protecting the Free and Open Internet. White document on a grey background.

CDT Joins Coalition Letter to the Biden Administration on Protecting the Free and Open Internet
CDT joins others in letter opposing the Pro Codes Act. White document on grey background.

CDT Joins Others in Letter Opposing the Pro Codes Act